Info |
---|
The following steps are for RHEL/CentOS 7.x specifically. |
To configure haproxy as an SSL offloader for Content Gateway, you will need the following configuration steps.
...
Code Block |
---|
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $DOMAIN.key -out $DOMAIN.crt |
Concatenate the DOMAIN.crt (first) and the DOMAIN.key (second) into a DOMAIN.pem file.
Copy the DOMAIN.pem to /etc/pki/tls/certs/selfsignedcertDOMAIN.pem
For S3, as a general rule it's a good idea to make a wildcard SSL certificate too, so repeat the same steps as above and, when prompted for the "Common Name", use "*.DOMAIN", then copy the new CRT file to /etc/pki/tls/certs/selfsignedcertDOMAIN-wildcard.pem
To add the new certificate to /etc/haproxy/haproxy.cfg change
bind 0.0.0.0:443 ssl crt /etc/pki/tls/certs/selfsignedcertselfsignedcer.pem
to
bind 0.0.0.0:443 ssl crt /etc/pki/tls/certs/selfsignedcertDOMAIN.pem crt /etc/pki/tls/certs/selfsignedcertDOMAIN-wildcard.pem
Info |
---|
Do this for all bind statements that have the ssl keyword configured. To activate the change, restart haproxy: systemctl restart haproxy |
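The certificate steps above as a non-interactive script. This is an added example, not part of the original documentation: the function names, the working directory and the use of -subj in place of the "Common Name" prompt are assumptions. It also goes slightly beyond the steps by checking that the key in each PEM matches its certificate and by installing the file with mode 0600, since the PEM contains the private key.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and the working directory
# are assumptions; the target paths follow the page.

# Build a self-signed PEM for haproxy: certificate first, key second.
# $1 = file name stem, $2 = Common Name, $3 = working directory
make_haproxy_pem() {
    stem=$1; cn=$2; dir=$3
    # umask 077 keeps the private key unreadable to other users from creation.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$cn" \
          -keyout "$dir/$stem.key" -out "$dir/$stem.crt" 2>/dev/null &&
      cat "$dir/$stem.crt" "$dir/$stem.key" > "$dir/$stem.pem" )
}

# Succeed only if the certificate and private key inside the PEM belong
# together (their public keys are identical).
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Copy a verified PEM into place with owner-only permissions.
# $1 = source PEM, $2 = destination path
install_pem() {
    pem_key_matches_cert "$1" || { echo "key/cert mismatch in $1" >&2; return 1; }
    install -m 600 "$1" "$2"
}

# Typical use on the gateway host, as root (DOMAIN is a placeholder):
#   make_haproxy_pem DOMAIN DOMAIN /root/certs
#   make_haproxy_pem DOMAIN-wildcard '*.DOMAIN' /root/certs
#   install_pem /root/certs/DOMAIN.pem \
#       /etc/pki/tls/certs/selfsignedcertDOMAIN.pem
#   install_pem /root/certs/DOMAIN-wildcard.pem \
#       /etc/pki/tls/certs/selfsignedcertDOMAIN-wildcard.pem
#   # Check the edited bind lines before restarting, so a bad certificate
#   # path does not take the listener down:
#   haproxy -c -f /etc/haproxy/haproxy.cfg && systemctl restart haproxy
```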
NOTE: If the content gateway is going to be used as the destination for a remote replication feed, the following setting must appear and be set properly in the /etc/caringo/cloudgateway/gateway.cfg file:
Code Block |
---|
[scsp]
...
...
allowSwarmAdminIP=172.30 |
In the example above, replace "172.30" with the IP addresses (or prefix) of clients that will be sending administrative requests to the gateway. The most common example is the IP addresses (or prefix) of the nodes in a cluster that is using a remote replication feed with the gateway as its destination.
Info |
---|
Be aware that for Swarm UI in the configuration example above you will need to use host: <contentgatewayIP>:8091 in the login page to connect. |
...